
Re: XML certificate ...

From: Carl Ellison <cme@jf.intel.com>
Date: Wed, 10 May 2000 12:37:07 -0700
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org

At 02:34 PM 5/10/00 -0400, Donald E. Eastlake 3rd wrote:
>Why, for the certificate application, would you use a certificate as
>KeyInfo?  Why not just issuer and serial number? Or omit the KeyInfo
>entirely and encode signer information elsewhere in the XML
>certificate.  This seems like a good example of the need for
>flexibility in the format and optional presence of KeyInfo.

(issuer, serial number) is from the X.509 world and is one of the ways X.509
is broken.

"issuer" is a DN and might identify an issuer, if DNs were from a
singly-rooted name space, as was the original plan in X.500.  DNs are not
singly-rooted and never will be -- so using a DN as an identifier is broken.


|Carl Ellison      Intel             E: cme@jf.intel.com |
|2111 NE 25th Ave  M/S JF3-212       T: +1-503-264-2900  |
|Hillsboro OR 97124                  F: +1-503-264-6225  |
|PGP Key ID: 0xFE5AF240              C: +1-503-819-6618  |
|  1FDB 2770 08D7 8540 E157  AAB4 CC6A 0466 FE5A F240    |
Received on Wednesday, 10 May 2000 15:37:12 UTC
